DMVPN Randomly disconnects for 10 minutes

Arpanet69 · April 16, 2022, 6:58pm

Hi Alll,

So i got the DMVPN working but it randomly at least once per 2 days it will disconnect and the tunnel needs 10 minutes to restore. When i check the logging i don’t see anything unusual but maybe am missing something.

We use PRTG as our network monitor so we see these tunnels go down randomly on all the spokes. All the spokes have the same configuration. We can also see that when the tunnel breaks the internet line not being over utilized, most cases not used of 10% of its capacity.

Apr 11 21:25:03 ACS0002-CE1 charon: 07[NET] sending packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:03 ACS0002-CE1 charon: 14[NET] received packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:03 ACS0002-CE1 charon: 14[ENC] parsed INFORMATIONAL_V1 request 2644674311 [ HASH N(DPD_ACK) ]
Apr 11 21:25:08 ACS0002-CE1 charon: 15[IKE] sending DPD request
Apr 11 21:25:08 ACS0002-CE1 charon: 15[ENC] generating INFORMATIONAL_V1 request 3592327148 [ HASH N(DPD) ]
Apr 11 21:25:08 ACS0002-CE1 charon: 15[NET] sending packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:08 ACS0002-CE1 charon: 12[NET] received packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:08 ACS0002-CE1 charon: 12[ENC] parsed INFORMATIONAL_V1 request 3344920149 [ HASH N(DPD_ACK) ]
Apr 11 21:25:15 ACS0002-CE1 charon: 05[NET] received packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:15 ACS0002-CE1 charon: 05[ENC] parsed INFORMATIONAL_V1 request 3983627467 [ HASH N(DPD) ]
Apr 11 21:25:15 ACS0002-CE1 charon: 05[ENC] generating INFORMATIONAL_V1 request 2947651394 [ HASH N(DPD_ACK) ]
Apr 11 21:25:15 ACS0002-CE1 charon: 05[NET] sending packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:19 ACS0002-CE1 charon: 11[NET] received packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:19 ACS0002-CE1 charon: 11[ENC] parsed INFORMATIONAL_V1 request 406518158 [ HASH N(DPD) ]
Apr 11 21:25:19 ACS0002-CE1 charon: 11[ENC] generating INFORMATIONAL_V1 request 1707657265 [ HASH N(DPD_ACK) ]
Apr 11 21:25:19 ACS0002-CE1 charon: 11[NET] sending packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:29 ACS0002-CE1 charon: 16[NET] received packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:29 ACS0002-CE1 charon: 16[ENC] parsed INFORMATIONAL_V1 request 3520692095 [ HASH N(DPD) ]
Apr 11 21:25:29 ACS0002-CE1 charon: 16[ENC] generating INFORMATIONAL_V1 request 1311576585 [ HASH N(DPD_ACK) ]
Apr 11 21:25:29 ACS0002-CE1 charon: 16[NET] sending packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:40 ACS0002-CE1 charon: 13[IKE] sending DPD request
Apr 11 21:25:40 ACS0002-CE1 charon: 13[ENC] generating INFORMATIONAL_V1 request 3462665201 [ HASH N(DPD) ]
Apr 11 21:25:40 ACS0002-CE1 charon: 13[NET] sending packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:40 ACS0002-CE1 charon: 06[NET] received packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:40 ACS0002-CE1 charon: 06[ENC] parsed INFORMATIONAL_V1 request 1046720514 [ HASH N(DPD_ACK) ]
Apr 11 21:25:44 ACS0002-CE1 charon: 05[NET] received packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:44 ACS0002-CE1 charon: 05[ENC] parsed INFORMATIONAL_V1 request 3294605962 [ HASH N(DPD) ]
Apr 11 21:25:44 ACS0002-CE1 charon: 05[ENC] generating INFORMATIONAL_V1 request 1814916764 [ HASH N(DPD_ACK) ]
Apr 11 21:25:44 ACS0002-CE1 charon: 05[NET] sending packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:50 ACS0002-CE1 charon: 14[NET] received packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:50 ACS0002-CE1 charon: 14[ENC] parsed INFORMATIONAL_V1 request 1020056780 [ HASH N(DPD) ]
Apr 11 21:25:50 ACS0002-CE1 charon: 14[ENC] generating INFORMATIONAL_V1 request 258868741 [ HASH N(DPD_ACK) ]
Apr 11 21:25:50 ACS0002-CE1 charon: 14[NET] sending packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:56 ACS0002-CE1 charon: 12[NET] received packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:25:56 ACS0002-CE1 charon: 12[ENC] parsed INFORMATIONAL_V1 request 4175071116 [ HASH N(DPD) ]
Apr 11 21:25:56 ACS0002-CE1 charon: 12[ENC] generating INFORMATIONAL_V1 request 3737562783 [ HASH N(DPD_ACK) ]
Apr 11 21:25:56 ACS0002-CE1 charon: 12[NET] sending packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:26:15 ACS0002-CE1 charon: 13[NET] received packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)
Apr 11 21:26:15 ACS0002-CE1 charon: 13[ENC] parsed INFORMATIONAL_V1 request 3219509604 [ HASH N(DPD) ]
Apr 11 21:26:15 ACS0002-CE1 charon: 13[ENC] generating INFORMATIONAL_V1 request 1118370615 [ HASH N(DPD_ACK) ]
Apr 11 21:26:15 ACS0002-CE1 charon: 13[NET] sending packet: from IP_ADDRESS[500] to IP_ADDRESS[500] (108 bytes)

Am curious what causes the issue.

Rufat · April 11, 2022, 7:29pm

Hello @Arpanet69, can you tell me which version you are using?

Arpanet69 · April 13, 2022, 8:54am

Hi Rufat,

Am using the following version for all my spokes and hubs:
Version: VyOS 1.3.0-rc6
Release Train: equuleus

Thanks!

Rufat · April 13, 2022, 7:21pm

@Arpanet69 I think you should look at the logs on both Hub and Spoke when you have a problem. Usually this problem can be in several parts. Please send hub dmvpn configurations and logs with any spokes? Also, what type of connection do you use for dmvpn?

Arpanet69 · April 15, 2022, 10:05pm

HUB:

set interfaces tunnel tun0 address '172.16.0.1/16'
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 mtu '1400'
set interfaces tunnel tun0 multicast 'enable'
set interfaces tunnel tun0 parameters ip key '1'
set interfaces tunnel tun0 source-address 'WAN_IP_ADDRESS'

set protocols nhrp tunnel tun0 cisco-authentication 'PASSWORD'
set protocols nhrp tunnel tun0 holding-time '300'
set protocols nhrp tunnel tun0 multicast 'dynamic'
set protocols nhrp tunnel tun0 redirect


set vpn ipsec esp-group ESP-ANTECH compression 'disable'
set vpn ipsec esp-group ESP-ANTECH lifetime '1800'
set vpn ipsec esp-group ESP-ANTECH mode 'transport'
set vpn ipsec esp-group ESP-ANTECH pfs 'dh-group16'
set vpn ipsec esp-group ESP-ANTECH proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-ANTECH proposal 1 hash 'sha256'
set vpn ipsec ike-group IKE-ANTECH close-action 'none'
set vpn ipsec ike-group IKE-ANTECH dead-peer-detection action 'restart'
set vpn ipsec ike-group IKE-ANTECH dead-peer-detection interval '3'
set vpn ipsec ike-group IKE-ANTECH dead-peer-detection timeout '30'
set vpn ipsec ike-group IKE-ANTECH ikev2-reauth 'no'
set vpn ipsec ike-group IKE-ANTECH key-exchange 'ikev1'
set vpn ipsec ike-group IKE-ANTECH lifetime '3600'
set vpn ipsec ike-group IKE-ANTECH proposal 1 dh-group '16'
set vpn ipsec ike-group IKE-ANTECH proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-ANTECH proposal 1 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret'
set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'PASSWORD'
set vpn ipsec profile NHRPVPN bind tunnel 'tun0'
set vpn ipsec profile NHRPVPN esp-group 'ESP-ANTECH'
set vpn ipsec profile NHRPVPN ike-group 'IKE-ANTECH'

SPOKE:

set interfaces tunnel tun0 address '172.16.0.25/16'
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 mtu '1400'
set interfaces tunnel tun0 multicast 'enable'
set interfaces tunnel tun0 parameters ip key '1'
set interfaces tunnel tun0 policy route 'MSS_TUNNEL'
set interfaces tunnel tun0 source-address 'WAN_IP_ADDRESS'

set protocols nhrp tunnel tun0 cisco-authentication 'PASSWORD'
set protocols nhrp tunnel tun0 holding-time '300'
set protocols nhrp tunnel tun0 map 172.16.0.1/16 nbma-address 'WAN_HUB_IP'
set protocols nhrp tunnel tun0 map 172.16.0.1/16 register
set protocols nhrp tunnel tun0 multicast 'nhs'
set protocols nhrp tunnel tun0 redirect
set protocols nhrp tunnel tun0 shortcut

set vpn ipsec esp-group ESP-ANTECH compression 'disable'
set vpn ipsec esp-group ESP-ANTECH lifetime '1800'
set vpn ipsec esp-group ESP-ANTECH mode 'transport'
set vpn ipsec esp-group ESP-ANTECH pfs 'dh-group16'
set vpn ipsec esp-group ESP-ANTECH proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-ANTECH proposal 1 hash 'sha256'
set vpn ipsec ike-group IKE-ANTECH close-action 'none'
set vpn ipsec ike-group IKE-ANTECH dead-peer-detection action 'restart'
set vpn ipsec ike-group IKE-ANTECH dead-peer-detection interval '3'
set vpn ipsec ike-group IKE-ANTECH dead-peer-detection timeout '30'
set vpn ipsec ike-group IKE-ANTECH ikev2-reauth 'no'
set vpn ipsec ike-group IKE-ANTECH key-exchange 'ikev1'
set vpn ipsec ike-group IKE-ANTECH lifetime '3600'
set vpn ipsec ike-group IKE-ANTECH proposal 1 dh-group '16'
set vpn ipsec ike-group IKE-ANTECH proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-ANTECH proposal 1 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'pppoe0'
set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret'
set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'PASSWORD'
set vpn ipsec profile NHRPVPN bind tunnel 'tun0'
set vpn ipsec profile NHRPVPN esp-group 'ESP-ANTECH'
set vpn ipsec profile NHRPVPN ike-group 'IKE-ANTECH'

set policy route MSS_TUNNEL description 'MSS_TUNNEL'
set policy route MSS_TUNNEL rule 10 protocol 'tcp'
set policy route MSS_TUNNEL rule 10 set tcp-mss '1360'
set policy route MSS_TUNNEL rule 10 tcp flags 'SYN'

set policy route MSS description 'MSS'
set policy route MSS rule 5 protocol 'tcp'
set policy route MSS rule 5 set tcp-mss '1452'
set policy route MSS rule 5 tcp flags 'SYN'

Logs will follow when i catch the issue.

Thanks!

Arpanet69 · April 18, 2022, 8:47pm

Following thing i noticed in the log around the outage is the following:


Apr 18 20:48:44 ACS0001-CE1 charon: 14[NET] <dmvpn-NHRPVPN-tun0|227> sending packet: from LOCALIP[500] to HUBIP[500] (108 bytes)
Apr 18 20:48:45 ACS0001-CE1 charon: 05[KNL] creating delete job for CHILD_SA ESP/0xc7515fac/LOCALIP
Apr 18 20:48:45 ACS0001-CE1 charon: 05[IKE] <dmvpn-NHRPVPN-tun0|227> closing expired CHILD_SA dmvpn{447} with SPIs c7515fac_i c4aec80a_o and TS LOCALIP/32[gre] === HUBIP/32[gre]
Apr 18 20:48:45 ACS0001-CE1 charon: 05[IKE] <dmvpn-NHRPVPN-tun0|227> sending DELETE for ESP CHILD_SA with SPI c7515fac
Apr 18 20:48:45 ACS0001-CE1 charon: 05[ENC] <dmvpn-NHRPVPN-tun0|227> generating INFORMATIONAL_V1 request 2379804127 [ HASH D ]
Apr 18 20:48:45 ACS0001-CE1 charon: 05[NET] <dmvpn-NHRPVPN-tun0|227> sending packet: from LOCALIP[500] to HUBIP[500] (92 bytes)
Apr 18 20:48:45 ACS0001-CE1 charon: 05[KNL] creating delete job for CHILD_SA ESP/0xc4aec80a/HUBIP
Apr 18 20:48:45 ACS0001-CE1 charon: 05[JOB] CHILD_SA ESP/0xc4aec80a/HUBIP not found for delete

Rufat · April 19, 2022, 3:41pm

@Arpanet69 Can you share the results of the following commands on the hub and any spoke device?
show configuration | strip-private
and
journalctl -x

Arpanet69 · April 19, 2022, 4:08pm

HUB


antech@AC-DC1-PE1:~$ show configuration | strip-private
interfaces {
    ethernet eth0 {
        address xxx.xxx.183.218/30
        description WAN
    }
    ethernet eth1 {
        description VSWITCH
        vif 20 {
            address xxx.xxx.20.1/24
            description MNG
        }
        vif 30 {
            address xxx.xxx.30.1/24
            description SIP
        }
    }
    ethernet eth2 {
        address xxx.xxx.10.1/24
        description PVE-MNG
    }
    loopback lo {
    }
    tunnel tun0 {
        address xxx.xxx.0.1/16
        encapsulation gre
        mtu 1400
        multicast enable
        parameters {
            ip {
                key xxxxxx
            }
        }
        source-address xxx.xxx.183.218
    }
}
nat {
    destination {
        rule 10 {
            description "PRTG SERVER"
            destination {
                port 443
            }
            inbound-interface eth0
            protocol tcp
            translation {
                address xxx.xxx.20.10
            }
        }
        rule 11 {
            description "JUMP HOST Antech"
            destination {
                port 3389
            }
            inbound-interface eth0
            protocol tcp
            translation {
                address xxx.xxx.20.5
            }
        }
    }
    source {
        rule 101 {
            outbound-interface eth0
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    nhrp {
        tunnel tun0 {
            cisco-authentication **********
            holding-time 300
            multicast dynamic
            redirect
        }
    }
    ospf {
        area 0 {
            network xxx.xxx.0.0/16
        }
        redistribute {
            static {
                metric-type 2
            }
        }
    }
    static {
        route xxx.xxx.0.0/0 {
            next-hop xxx.xxx.183.217 {
            }
        }
        route xxx.xxx.0.0/22 {
            next-hop xxx.xxx.0.25 {
            }
        }
        route xxx.xxx.4.0/22 {
            next-hop xxx.xxx.0.27 {
            }
        }
        route xxx.xxx.8.0/22 {
            next-hop xxx.xxx.0.29 {
            }
        }
    }
}
service {
    snmp {
        contact "Antech Cloud"
        listen-address xxx.xxx.20.1 {
            port 161
        }
        location xxxxxx
        v3 {
            engineid 000000000000000000000002
            group ANTECH-GRP {
                mode ro
                view ANTECH-VIEW
            }
            user xxxxxx {
                auth {
                    encrypted-password xxxxxx
                    type sha
                }
                group ANTECH-GRP
                privacy {
                    encrypted-password xxxxxx
                    type aes
                }
            }
            view ANTECH-VIEW {
                oid 1 {
                }
            }
        }
    }
    ssh {
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name xxxxxx
    login {
        user xxxxxx {
            authentication {
                encrypted-password xxxxxx
                plaintext-password xxxxxx
            }
        }
        user xxxxxx {
            authentication {
                encrypted-password xxxxxx
                plaintext-password xxxxxx
            }
        }
    }
    ntp {
        server xxxxx.tld {
        }
        server xxxxx.tld {
        }
        server xxxxx.tld {
        }
        server xxxxx.tld {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Amsterdam
}
vpn {
    ipsec {
        esp-group ESP-ANTECH {
            compression disable
            lifetime 1800
            mode transport
            pfs dh-group16
            proposal 1 {
                encryption aes256
                hash sha256
            }
        }
        ike-group IKE-ANTECH {
            close-action none
            dead-peer-detection {
                action restart
                interval 3
                timeout 30
            }
            ikev2-reauth no
            key-exchange ikev1
            lifetime 3600
            proposal 1 {
                dh-group 16
                encryption aes256
                hash sha256
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        profile NHRPVPN {
            authentication {
                mode pre-shared-secret
                pre-shared-secret xxxxxx
            }
            bind {
                tunnel tun0
            }
            esp-group ESP-ANTECH
            ike-group IKE-ANTECH
        }
    }
}

SPOKE

antech@ACS0001-CE1:~$ show configuration | strip-private
high-availability {
    vrrp {
        group DATA-LAN {
            hello-source-address xxx.xxx.0.1
            interface eth0.20
            peer-address xxx.xxx.0.2
            preempt-delay 180
            priority 200
            virtual-address xxx.xxx.0.3/24
            vrid 20
        }
        group GUEST-LAN {
            hello-source-address xxx.xxx.99.1
            interface eth0.99
            peer-address xxx.xxx.99.2
            preempt-delay 180
            priority 200
            virtual-address xxx.xxx.99.3/24
            vrid 99
        }
        group IOT-LAN {
            hello-source-address xxx.xxx.2.1
            interface eth0.40
            peer-address xxx.xxx.2.2
            preempt-delay 180
            priority 200
            virtual-address xxx.xxx.2.3/25
            vrid 40
        }
        group MNG-LAN {
            hello-source-address xxx.xxx.3.129
            interface eth0.70
            peer-address xxx.xxx.3.130
            preempt-delay 180
            priority 200
            virtual-address xxx.xxx.3.131/25
            vrid 70
        }
        group SERVER-LAN {
            hello-source-address xxx.xxx.3.1
            interface eth0.60
            peer-address xxx.xxx.3.2
            preempt-delay 180
            priority 200
            virtual-address xxx.xxx.3.3/25
            vrid 60
        }
        group VOICE-LAN {
            hello-source-address xxx.xxx.1.1
            interface eth0.30
            peer-address xxx.xxx.1.2
            preempt-delay 180
            priority 200
            virtual-address xxx.xxx.1.3/24
            vrid 30
        }
        group VPN-LAN {
            hello-source-address xxx.xxx.2.129
            interface eth0.50
            peer-address xxx.xxx.2.130
            preempt-delay 180
            priority 200
            virtual-address xxx.xxx.2.131/25
            vrid 50
        }
    }
}
interfaces {
    ethernet eth0 {
        hw-id XX:XX:XX:XX:XX:84
        vif 6 {
            description INET1-PPPOE
        }
        vif 10 {
            address xxx.xxx.1.10/24
            description INET2-DHCP
            disable
        }
        vif 20 {
            address xxx.xxx.0.1/24
            description DATA
            policy {
                route MSS
            }
        }
        vif 30 {
            address xxx.xxx.1.1/24
            description VOICE
            policy {
                route MSS
            }
        }
        vif 40 {
            address xxx.xxx.2.1/25
            description IOT
            policy {
                route MSS
            }
        }
        vif 50 {
            address xxx.xxx.2.129/25
            description VPN
            policy {
                route MSS
            }
        }
        vif 60 {
            address xxx.xxx.3.1/25
            description SERVER
            policy {
                route MSS
            }
        }
        vif 70 {
            address xxx.xxx.3.129/25
            description MNG
            policy {
                route MSS
            }
        }
        vif 99 {
            address xxx.xxx.99.1/24
            description GUEST
            policy {
                route MSS
            }
            vrf INTERNET
        }
    }
    loopback lo {
    }
    pppoe pppoe0 {
        authentication {
            password xxxxxx
            user xxxxxx
        }
        default-route force
        description XDSL
        firewall {
            in {
            }
            local {
            }
            out {
            }
        }
        mtu 1492
        policy {
            route MSS
        }
        source-interface eth0.6
    }
    tunnel tun0 {
        address xxx.xxx.0.25/16
        encapsulation gre
        mtu 1400
        multicast enable
        parameters {
            ip {
                key xxxxxx
            }
        }
        policy {
            route MSS_TUNNEL
        }
        source-address xxx.xxx.155.107
    }
    wireless wlan0 {
        hw-id XX:XX:XX:XX:XX:86
        physical-device phy0
    }
}
load-balancing {
    wan {
        flush-connections
        interface-health eth0.10 {
            failure-count 3
            nexthop xxx.xxx.1.254
            success-count 3
            test 1 {
                resp-time 5
                target xxx.xxx.8.8
                ttl-limit 16
            }
        }
        interface-health pppoe0 {
            failure-count 3
            nexthop dhcp
            success-count 3
            test 1 {
                resp-time 5
                target xxx.xxx.8.8
                ttl-limit 16
            }
        }
        rule 1 {
            failover
            inbound-interface et0.20
            interface eth0.10 {
                weight 1
            }
            interface pppoe0 {
                weight 2
            }
            protocol all
        }
    }
}
nat {
    destination {
        rule 10 {
            description "PROXMOX SERVER"
            destination {
                port 8006
            }
            inbound-interface pppoe0
            protocol tcp
            translation {
                address xxx.xxx.3.10
            }
        }
    }
    source {
        rule 6 {
            outbound-interface pppoe0
            translation {
                address masquerade
            }
        }
        rule 10 {
            outbound-interface eth0.10
            translation {
                address masquerade
            }
        }
    }
}
policy {
    route MSS {
        description MSS
        rule 5 {
            protocol tcp
            set {
                tcp-mss 1452
            }
            tcp {
                flags SYN
            }
        }
    }
    route MSS_TUNNEL {
        description MSS_TUNNEL
        rule 10 {
            protocol tcp
            set {
                tcp-mss 1360
            }
            tcp {
                flags SYN
            }
        }
    }
}
protocols {
    nhrp {
        tunnel tun0 {
            cisco-authentication *********
            holding-time 300
            map xxx.xxx.0.1/16 {
                nbma-address xxx.xxx.183.218
                register
            }
            multicast nhs
            redirect
            shortcut
        }
    }
    ospf {
        area 0 {
            network xxx.xxx.0.0/22
        }
        redistribute {
            static {
                metric-type 2
            }
        }
    }
    static {
        interface-route xxx.xxx.0.0/0 {
            next-hop-interface pppoe0 {
            }
        }
        route xxx.xxx.0.0/16 {
            next-hop xxx.xxx.0.1 {
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name xxxxxx {
            subnet xxx.xxx.0.0/24 {
                default-router xxx.xxx.0.3
                dns-server xxx.xxx.222.222
                dns-server xxx.xxx.220.220
                lease 86400
                range 0 {
                    start xxx.xxx.0.25
                    stop xxx.xxx.0.250
                }
            }
        }
        shared-network-name xxxxxx {
            subnet xxx.xxx.99.0/24 {
                default-router xxx.xxx.99.3
                dns-server xxx.xxx.8.8
                dns-server xxx.xxx.4.4
                lease 86400
                range 0 {
                    start xxx.xxx.99.25
                    stop xxx.xxx.99.250
                }
            }
        }
        shared-network-name xxxxxx {
            subnet xxx.xxx.2.0/25 {
                default-router xxx.xxx.2.3
                dns-server xxx.xxx.222.222
                dns-server xxx.xxx.220.220
                lease 86400
                range 0 {
                    start xxx.xxx.2.20
                    stop xxx.xxx.2.120
                }
            }
        }
        shared-network-name xxxxxx {
            subnet xxx.xxx.3.0/25 {
                default-router xxx.xxx.3.3
                dns-server xxx.xxx.222.222
                dns-server xxx.xxx.220.220
                lease 86400
                range 0 {
                    start xxx.xxx.3.100
                    stop xxx.xxx.3.120
                }
            }
        }
        shared-network-name xxxxxx {
            subnet xxx.xxx.1.0/24 {
                default-router xxx.xxx.1.3
                dns-server xxx.xxx.222.222
                dns-server xxx.xxx.220.220
                lease 86400
                range 0 {
                    start xxx.xxx.1.25
                    stop xxx.xxx.1.250
                }
            }
        }
        shared-network-name xxxxxx {
            subnet xxx.xxx.2.128/25 {
                default-router xxx.xxx.2.131
                dns-server xxx.xxx.222.222
                dns-server xxx.xxx.220.220
                lease 86400
                range 0 {
                    start xxx.xxx.2.150
                    stop xxx.xxx.2.250
                }
            }
        }
    }
    lldp {
        interface all {
        }
        interface eth0.6 {
            disable
        }
        interface eth0.10 {
            disable
        }
        interface pppoe0 {
            disable
        }
        legacy-protocols {
            cdp
        }
    }
    snmp {
        contact "Antech"
        listen-address xxx.xxx.3.129 {
            port 161
        }
        location xxxxxx
        v3 {
            engineid 000000000000000000000002
            group ANTECH-GRP {
                mode ro
                view ANTECH-VIEW
            }
            user xxxxxx {
                auth {
                    encrypted-password xxxxxx
                    type sha
                }
                group ANTECH-GRP
                privacy {
                    encrypted-password xxxxxx
                    type aes
                }
            }
            view ANTECH-VIEW {
                oid 1 {
                }
            }
        }
    }
    ssh {
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    flow-accounting {
        interface eth0.6
        netflow {
            engine-id 10
            server xxxxx.tld {
                port 2055
            }
            timeout {
                expiry-interval 120
            }
            version 9
        }
    }
    host-name xxxxxx
    login {
        banner {
            post-login "This system is restricted."
        }
        user xxxxxx {
            authentication {
                encrypted-password xxxxxx
            }
        }
    }
    name-server xxx.xxx.222.222
    ntp {
        server xxxxx.tld {
        }
        server xxxxx.tld {
        }
        server xxxxx.tld {
        }
        server xxxxx.tld {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
        host xxx.xxx.20.10 {
            facility all {
                level warning
            }
            port 514
        }
    }
    time-zone Europe/Amsterdam
}
vpn {
    ipsec {
        esp-group ESP-ANTECH {
            compression disable
            lifetime 1800
            mode transport
            pfs dh-group16
            proposal 1 {
                encryption aes256
                hash sha256
            }
        }
        ike-group IKE-ANTECH {
            close-action none
            dead-peer-detection {
                action restart
                interval 3
                timeout 30
            }
            ikev2-reauth no
            key-exchange ikev1
            lifetime 3600
            proposal 1 {
                dh-group 16
                encryption aes256
                hash sha256
            }
        }
        ipsec-interfaces {
            interface pppoe0
        }
        profile NHRPVPN {
            authentication {
                mode pre-shared-secret
                pre-shared-secret xxxxxx
            }
            bind {
                tunnel tun0
            }
            esp-group ESP-ANTECH
            ike-group IKE-ANTECH
        }
    }
}
vrf {
    name INTERNET {
        description GUEST-TRAFFIC-OUT
        table 100
    }
}
antech@ACS0001-CE1:~$

Arpanet69 · April 19, 2022, 4:18pm

Journal:

Spoke

--
-- A start job for unit serial-getty@ttyS0.service has finished successfully.
--
-- The job identifier is 3468994.
Apr 19 18:08:19 ACS0001-CE1 agetty[16181]: /dev/ttyS0: not a tty
Apr 19 18:08:22 ACS0001-CE1 charon[2387]: 05[NET] <dmvpn-NHRPVPN-tun0|252> received packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:08:22 ACS0001-CE1 charon[2387]: 05[ENC] <dmvpn-NHRPVPN-tun0|252> parsed INFORMATIONAL_V1 request 2655902784 [ HASH N(DPD) ]
Apr 19 18:08:22 ACS0001-CE1 charon[2387]: 05[ENC] <dmvpn-NHRPVPN-tun0|252> generating INFORMATIONAL_V1 request 3666027598 [ HASH N(DPD_ACK) ]
Apr 19 18:08:22 ACS0001-CE1 charon[2387]: 05[NET] <dmvpn-NHRPVPN-tun0|252> sending packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:08:24 ACS0001-CE1 wan_lb[2773]: wan_lb: error on sending icmp packet: 101
Apr 19 18:08:27 ACS0001-CE1 charon[2387]: 10[NET] <dmvpn-NHRPVPN-tun0|252> received packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:08:27 ACS0001-CE1 charon[2387]: 10[ENC] <dmvpn-NHRPVPN-tun0|252> parsed INFORMATIONAL_V1 request 2910721468 [ HASH N(DPD) ]
Apr 19 18:08:27 ACS0001-CE1 charon[2387]: 10[ENC] <dmvpn-NHRPVPN-tun0|252> generating INFORMATIONAL_V1 request 1245478140 [ HASH N(DPD_ACK) ]
Apr 19 18:08:27 ACS0001-CE1 charon[2387]: 10[NET] <dmvpn-NHRPVPN-tun0|252> sending packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:08:29 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit serial-getty@ttyS0.service has successfully entered the 'dead' state.
Apr 19 18:08:29 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Service RestartSec=100ms expired, scheduling restart.
Apr 19 18:08:29 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 66672.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Automatic restarting of the unit serial-getty@ttyS0.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
Apr 19 18:08:29 ACS0001-CE1 systemd[1]: Stopped Serial Getty on ttyS0.
-- Subject: A stop job for unit serial-getty@ttyS0.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit serial-getty@ttyS0.service has finished.
--
-- The job identifier is 3469046 and the job result is done.
Apr 19 18:08:29 ACS0001-CE1 systemd[1]: Started Serial Getty on ttyS0.
-- Subject: A start job for unit serial-getty@ttyS0.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit serial-getty@ttyS0.service has finished successfully.
--
-- The job identifier is 3469046.
Apr 19 18:08:29 ACS0001-CE1 agetty[16186]: /dev/ttyS0: not a tty
Apr 19 18:08:32 ACS0001-CE1 charon[2387]: 09[NET] <dmvpn-NHRPVPN-tun0|252> received packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:08:32 ACS0001-CE1 charon[2387]: 09[ENC] <dmvpn-NHRPVPN-tun0|252> parsed INFORMATIONAL_V1 request 3344365282 [ HASH N(DPD) ]
Apr 19 18:08:32 ACS0001-CE1 charon[2387]: 09[ENC] <dmvpn-NHRPVPN-tun0|252> generating INFORMATIONAL_V1 request 768817505 [ HASH N(DPD_ACK) ]
Apr 19 18:08:32 ACS0001-CE1 charon[2387]: 09[NET] <dmvpn-NHRPVPN-tun0|252> sending packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:08:34 ACS0001-CE1 opennhrp[13138]: NL-ARP(tun0) who-has 172.16.0.1
Apr 19 18:08:34 ACS0001-CE1 opennhrp[13138]: NL-ARP(tun0) 172.16.0.1 is-at 95.97.183.218
Apr 19 18:08:34 ACS0001-CE1 wan_lb[2773]: wan_lb: error on sending icmp packet: 101
Apr 19 18:08:37 ACS0001-CE1 charon[2387]: 08[NET] <dmvpn-NHRPVPN-tun0|252> received packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:08:37 ACS0001-CE1 charon[2387]: 08[ENC] <dmvpn-NHRPVPN-tun0|252> parsed INFORMATIONAL_V1 request 40525214 [ HASH N(DPD) ]
Apr 19 18:08:37 ACS0001-CE1 charon[2387]: 08[ENC] <dmvpn-NHRPVPN-tun0|252> generating INFORMATIONAL_V1 request 3579667129 [ HASH N(DPD_ACK) ]
Apr 19 18:08:37 ACS0001-CE1 charon[2387]: 08[NET] <dmvpn-NHRPVPN-tun0|252> sending packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:08:39 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit serial-getty@ttyS0.service has successfully entered the 'dead' state.
Apr 19 18:08:40 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Service RestartSec=100ms expired, scheduling restart.
Apr 19 18:08:40 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 66673.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Automatic restarting of the unit serial-getty@ttyS0.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
Apr 19 18:08:40 ACS0001-CE1 systemd[1]: Stopped Serial Getty on ttyS0.
-- Subject: A stop job for unit serial-getty@ttyS0.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit serial-getty@ttyS0.service has finished.
--
-- The job identifier is 3469098 and the job result is done.
Apr 19 18:08:40 ACS0001-CE1 systemd[1]: Started Serial Getty on ttyS0.
-- Subject: A start job for unit serial-getty@ttyS0.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit serial-getty@ttyS0.service has finished successfully.
--
-- The job identifier is 3469098.
Apr 19 18:08:40 ACS0001-CE1 agetty[16191]: /dev/ttyS0: not a tty
Apr 19 18:08:43 ACS0001-CE1 charon[2387]: 05[NET] <dmvpn-NHRPVPN-tun0|252> received packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:08:43 ACS0001-CE1 charon[2387]: 05[ENC] <dmvpn-NHRPVPN-tun0|252> parsed INFORMATIONAL_V1 request 570152600 [ HASH N(DPD) ]
Apr 19 18:08:43 ACS0001-CE1 charon[2387]: 05[ENC] <dmvpn-NHRPVPN-tun0|252> generating INFORMATIONAL_V1 request 3207549990 [ HASH N(DPD_ACK) ]
Apr 19 18:08:43 ACS0001-CE1 charon[2387]: 05[NET] <dmvpn-NHRPVPN-tun0|252> sending packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:08:45 ACS0001-CE1 wan_lb[2773]: wan_lb: error on sending icmp packet: 101
Apr 19 18:08:48 ACS0001-CE1 charon[2387]: 10[NET] <dmvpn-NHRPVPN-tun0|252> received packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:08:48 ACS0001-CE1 charon[2387]: 10[ENC] <dmvpn-NHRPVPN-tun0|252> parsed INFORMATIONAL_V1 request 3906108620 [ HASH N(DPD) ]
Apr 19 18:08:48 ACS0001-CE1 charon[2387]: 10[ENC] <dmvpn-NHRPVPN-tun0|252> generating INFORMATIONAL_V1 request 498543318 [ HASH N(DPD_ACK) ]
Apr 19 18:08:48 ACS0001-CE1 charon[2387]: 10[NET] <dmvpn-NHRPVPN-tun0|252> sending packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:08:50 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit serial-getty@ttyS0.service has successfully entered the 'dead' state.
Apr 19 18:08:50 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Service RestartSec=100ms expired, scheduling restart.
Apr 19 18:08:50 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 66674.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Automatic restarting of the unit serial-getty@ttyS0.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
Apr 19 18:08:50 ACS0001-CE1 systemd[1]: Stopped Serial Getty on ttyS0.
-- Subject: A stop job for unit serial-getty@ttyS0.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit serial-getty@ttyS0.service has finished.
--
-- The job identifier is 3469150 and the job result is done.
Apr 19 18:08:50 ACS0001-CE1 systemd[1]: Started Serial Getty on ttyS0.
-- Subject: A start job for unit serial-getty@ttyS0.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit serial-getty@ttyS0.service has finished successfully.
--
-- The job identifier is 3469150.
Apr 19 18:08:50 ACS0001-CE1 agetty[16196]: /dev/ttyS0: not a tty
Apr 19 18:08:53 ACS0001-CE1 charon[2387]: 09[NET] <dmvpn-NHRPVPN-tun0|252> received packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:08:53 ACS0001-CE1 charon[2387]: 09[ENC] <dmvpn-NHRPVPN-tun0|252> parsed INFORMATIONAL_V1 request 1279796766 [ HASH N(DPD) ]
Apr 19 18:08:53 ACS0001-CE1 charon[2387]: 09[ENC] <dmvpn-NHRPVPN-tun0|252> generating INFORMATIONAL_V1 request 1694090611 [ HASH N(DPD_ACK) ]
Apr 19 18:08:53 ACS0001-CE1 charon[2387]: 09[NET] <dmvpn-NHRPVPN-tun0|252> sending packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:08:55 ACS0001-CE1 wan_lb[2773]: wan_lb: error on sending icmp packet: 101
Apr 19 18:08:58 ACS0001-CE1 charon[2387]: 08[NET] <dmvpn-NHRPVPN-tun0|252> received packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:08:58 ACS0001-CE1 charon[2387]: 08[ENC] <dmvpn-NHRPVPN-tun0|252> parsed INFORMATIONAL_V1 request 1197202618 [ HASH N(DPD) ]
Apr 19 18:08:58 ACS0001-CE1 charon[2387]: 08[ENC] <dmvpn-NHRPVPN-tun0|252> generating INFORMATIONAL_V1 request 1438096515 [ HASH N(DPD_ACK) ]
Apr 19 18:08:58 ACS0001-CE1 charon[2387]: 08[NET] <dmvpn-NHRPVPN-tun0|252> sending packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:09:00 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit serial-getty@ttyS0.service has successfully entered the 'dead' state.
Apr 19 18:09:00 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Service RestartSec=100ms expired, scheduling restart.
Apr 19 18:09:00 ACS0001-CE1 systemd[1]: serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 66675.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Automatic restarting of the unit serial-getty@ttyS0.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
Apr 19 18:09:00 ACS0001-CE1 systemd[1]: Stopped Serial Getty on ttyS0.
-- Subject: A stop job for unit serial-getty@ttyS0.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit serial-getty@ttyS0.service has finished.
--
-- The job identifier is 3469202 and the job result is done.
Apr 19 18:09:00 ACS0001-CE1 systemd[1]: Started Serial Getty on ttyS0.
-- Subject: A start job for unit serial-getty@ttyS0.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit serial-getty@ttyS0.service has finished successfully.
--
-- The job identifier is 3469202.
Apr 19 18:09:00 ACS0001-CE1 agetty[16206]: /dev/ttyS0: not a tty
Apr 19 18:09:03 ACS0001-CE1 charon[2387]: 05[NET] <dmvpn-NHRPVPN-tun0|252> received packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:09:03 ACS0001-CE1 charon[2387]: 05[ENC] <dmvpn-NHRPVPN-tun0|252> parsed INFORMATIONAL_V1 request 3656949932 [ HASH N(DPD) ]
Apr 19 18:09:03 ACS0001-CE1 charon[2387]: 05[ENC] <dmvpn-NHRPVPN-tun0|252> generating INFORMATIONAL_V1 request 2437583151 [ HASH N(DPD_ACK) ]
Apr 19 18:09:03 ACS0001-CE1 charon[2387]: 05[NET] <dmvpn-NHRPVPN-tun0|252> sending packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:09:04 ACS0001-CE1 wan_lb[2773]: wan_lb: error on sending icmp packet: 101
Apr 19 18:09:07 ACS0001-CE1 charon[2387]: 10[NET] <dmvpn-NHRPVPN-tun0|252> received packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:09:07 ACS0001-CE1 charon[2387]: 10[ENC] <dmvpn-NHRPVPN-tun0|252> parsed INFORMATIONAL_V1 request 3175289235 [ HASH N(DPD) ]
Apr 19 18:09:07 ACS0001-CE1 charon[2387]: 10[ENC] <dmvpn-NHRPVPN-tun0|252> generating INFORMATIONAL_V1 request 1860392016 [ HASH N(DPD_ACK) ]
Apr 19 18:09:07 ACS0001-CE1 charon[2387]: 10[NET] <dmvpn-NHRPVPN-tun0|252> sending packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)

Arpanet69 · April 19, 2022, 4:20pm

Journal

SPOKE


-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Automatic restarting of the unit serial-getty@ttyS0.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
Apr 19 17:59:43 AC-DC1-PE1 systemd[1]: Stopped Serial Getty on ttyS0.
-- Subject: A stop job for unit serial-getty@ttyS0.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit serial-getty@ttyS0.service has finished.
--
-- The job identifier is 26275939 and the job result is done.
Apr 19 17:59:43 AC-DC1-PE1 systemd[1]: Started Serial Getty on ttyS0.
-- Subject: A start job for unit serial-getty@ttyS0.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit serial-getty@ttyS0.service has finished successfully.
--
-- The job identifier is 26275939.
Apr 19 17:59:43 AC-DC1-PE1 agetty[13040]: /dev/ttyS0: not a tty
Apr 19 17:59:44 AC-DC1-PE1 sshd[13041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.171.235  user=root
Apr 19 17:59:44 AC-DC1-PE1 charon[1568]: 09[IKE] <dmvpn-NHRPVPN-tun0|4766> sending DPD request
Apr 19 17:59:44 AC-DC1-PE1 charon[1568]: 09[ENC] <dmvpn-NHRPVPN-tun0|4766> generating INFORMATIONAL_V1 request 3253999466 [ HASH N(DPD) ]
Apr 19 17:59:44 AC-DC1-PE1 charon[1568]: 09[NET] <dmvpn-NHRPVPN-tun0|4766> sending packet: from 95.97.183.218[500] to 92.64.242.145[500] (108 bytes)
Apr 19 17:59:44 AC-DC1-PE1 charon[1568]: 11[NET] <dmvpn-NHRPVPN-tun0|4766> received packet: from 92.64.242.145[500] to 95.97.183.218[500] (108 bytes)
Apr 19 17:59:44 AC-DC1-PE1 charon[1568]: 11[ENC] <dmvpn-NHRPVPN-tun0|4766> parsed INFORMATIONAL_V1 request 1779280963 [ HASH N(DPD_ACK) ]
Apr 19 17:59:45 AC-DC1-PE1 sshd[13041]: Failed password for root from 46.101.171.235 port 35716 ssh2
Apr 19 17:59:47 AC-DC1-PE1 sshd[13041]: Received disconnect from 46.101.171.235 port 35716:11: Bye Bye [preauth]
Apr 19 17:59:47 AC-DC1-PE1 sshd[13041]: Disconnected from authenticating user root 46.101.171.235 port 35716 [preauth]
Apr 19 17:59:49 AC-DC1-PE1 charon[1568]: 06[IKE] <dmvpn-NHRPVPN-tun0|4766> sending DPD request
Apr 19 17:59:49 AC-DC1-PE1 charon[1568]: 06[ENC] <dmvpn-NHRPVPN-tun0|4766> generating INFORMATIONAL_V1 request 1406497235 [ HASH N(DPD) ]
Apr 19 17:59:49 AC-DC1-PE1 charon[1568]: 06[NET] <dmvpn-NHRPVPN-tun0|4766> sending packet: from 95.97.183.218[500] to 92.64.242.145[500] (108 bytes)
Apr 19 17:59:49 AC-DC1-PE1 charon[1568]: 13[NET] <dmvpn-NHRPVPN-tun0|4766> received packet: from 92.64.242.145[500] to 95.97.183.218[500] (108 bytes)
Apr 19 17:59:49 AC-DC1-PE1 charon[1568]: 13[ENC] <dmvpn-NHRPVPN-tun0|4766> parsed INFORMATIONAL_V1 request 3251854553 [ HASH N(DPD_ACK) ]
Apr 19 17:59:49 AC-DC1-PE1 charon[1568]: 15[IKE] <dmvpn-NHRPVPN-tun0|4767> sending DPD request
Apr 19 17:59:49 AC-DC1-PE1 charon[1568]: 15[ENC] <dmvpn-NHRPVPN-tun0|4767> generating INFORMATIONAL_V1 request 90234462 [ HASH N(DPD) ]
Apr 19 17:59:49 AC-DC1-PE1 charon[1568]: 15[NET] <dmvpn-NHRPVPN-tun0|4767> sending packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 17:59:49 AC-DC1-PE1 charon[1568]: 09[NET] <dmvpn-NHRPVPN-tun0|4767> received packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 17:59:49 AC-DC1-PE1 charon[1568]: 09[ENC] <dmvpn-NHRPVPN-tun0|4767> parsed INFORMATIONAL_V1 request 1071544713 [ HASH N(DPD_ACK) ]
Apr 19 17:59:50 AC-DC1-PE1 opennhrp[28461]: Received Registration Request from proto src 172.16.0.27 to 172.16.0.1
Apr 19 17:59:50 AC-DC1-PE1 opennhrp[13046]: Received peer registration request: 95.97.183.218 92.64.242.145
Apr 19 17:59:50 AC-DC1-PE1 opennhrp[28461]: [172.16.0.27] Peer registration authorized
Apr 19 17:59:50 AC-DC1-PE1 opennhrp[28461]: Removing dynamic 172.16.0.27/32 nbma 92.64.242.145 dev tun0 up expires_in 0:18
Apr 19 17:59:50 AC-DC1-PE1 opennhrp[28461]: Adding dynamic 172.16.0.27/32 nbma 92.64.242.145 dev tun0 up expires_in 0:29
Apr 19 17:59:50 AC-DC1-PE1 opennhrp[28461]: [172.16.0.27] Peer up script: success
Apr 19 17:59:50 AC-DC1-PE1 opennhrp[28461]: NL-ARP(tun0) 172.16.0.27 is-at 92.64.242.145
Apr 19 17:59:50 AC-DC1-PE1 opennhrp[28461]: [172.16.0.27] Peer inserted to multicast list
Apr 19 17:59:50 AC-DC1-PE1 opennhrp[28461]: Sending Registration Reply from proto src 172.16.0.1 to 172.16.0.27 (1 bindings accepted, 0 rejected)
Apr 19 17:59:50 AC-DC1-PE1 opennhrp[28461]: Sending packet 4, from: 172.16.0.27 (nbma 92.64.242.145), to: 172.16.0.1 (nbma 92.64.242.145)
Apr 19 17:59:53 AC-DC1-PE1 charon[1568]: 16[NET] <dmvpn-NHRPVPN-tun0|4765> received packet: from 84.35.67.198[4500] to 95.97.183.218[4500] (108 bytes)
Apr 19 17:59:53 AC-DC1-PE1 charon[1568]: 16[ENC] <dmvpn-NHRPVPN-tun0|4765> parsed INFORMATIONAL_V1 request 2984408091 [ HASH N(DPD) ]
Apr 19 17:59:53 AC-DC1-PE1 charon[1568]: 16[ENC] <dmvpn-NHRPVPN-tun0|4765> generating INFORMATIONAL_V1 request 2686014220 [ HASH N(DPD_ACK) ]
Apr 19 17:59:53 AC-DC1-PE1 charon[1568]: 16[NET] <dmvpn-NHRPVPN-tun0|4765> sending packet: from 95.97.183.218[4500] to 84.35.67.198[4500] (108 bytes)
Apr 19 17:59:53 AC-DC1-PE1 opennhrp[28461]: Received Registration Request from proto src 172.16.0.29 to 172.16.0.1
Apr 19 17:59:53 AC-DC1-PE1 opennhrp[13052]: Received peer registration request: 95.97.183.218 84.35.67.198
Apr 19 17:59:53 AC-DC1-PE1 opennhrp[28461]: [172.16.0.29] Peer registration authorized
Apr 19 17:59:53 AC-DC1-PE1 opennhrp[28461]: Removing dynamic 172.16.0.29/32 nbma 84.35.67.198 nbma-nat-oa 192.168.16.100 dev tun0 up expires_in 0:18
Apr 19 17:59:53 AC-DC1-PE1 opennhrp[28461]: Adding dynamic 172.16.0.29/32 nbma 84.35.67.198 nbma-nat-oa 192.168.16.100 dev tun0 up expires_in 0:29
Apr 19 17:59:53 AC-DC1-PE1 opennhrp[28461]: [172.16.0.29] Peer up script: success
Apr 19 17:59:53 AC-DC1-PE1 opennhrp[28461]: NL-ARP(tun0) 172.16.0.29 is-at 84.35.67.198
Apr 19 17:59:53 AC-DC1-PE1 opennhrp[28461]: [172.16.0.29] Peer inserted to multicast list
Apr 19 17:59:53 AC-DC1-PE1 opennhrp[28461]: Sending Registration Reply from proto src 172.16.0.1 to 172.16.0.29 (1 bindings accepted, 0 rejected)
Apr 19 17:59:53 AC-DC1-PE1 opennhrp[28461]: Sending packet 4, from: 172.16.0.29 (nbma 192.168.16.100), to: 172.16.0.1 (nbma 84.35.67.198)
Apr 19 17:59:53 AC-DC1-PE1 systemd[1]: serial-getty@ttyS0.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit serial-getty@ttyS0.service has successfully entered the 'dead' state.
Apr 19 17:59:53 AC-DC1-PE1 systemd[1]: serial-getty@ttyS0.service: Service RestartSec=100ms expired, scheduling restart.
Apr 19 17:59:53 AC-DC1-PE1 systemd[1]: serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 505163.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Automatic restarting of the unit serial-getty@ttyS0.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
Apr 19 17:59:53 AC-DC1-PE1 systemd[1]: Stopped Serial Getty on ttyS0.
-- Subject: A stop job for unit serial-getty@ttyS0.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit serial-getty@ttyS0.service has finished.
--
-- The job identifier is 26275991 and the job result is done.
Apr 19 17:59:53 AC-DC1-PE1 systemd[1]: Started Serial Getty on ttyS0.
-- Subject: A start job for unit serial-getty@ttyS0.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit serial-getty@ttyS0.service has finished successfully.
--
-- The job identifier is 26275991.
Apr 19 17:59:53 AC-DC1-PE1 agetty[13055]: /dev/ttyS0: not a tty
Apr 19 17:59:54 AC-DC1-PE1 charon[1568]: 13[IKE] <dmvpn-NHRPVPN-tun0|4766> sending DPD request
Apr 19 17:59:54 AC-DC1-PE1 charon[1568]: 13[ENC] <dmvpn-NHRPVPN-tun0|4766> generating INFORMATIONAL_V1 request 1764575640 [ HASH N(DPD) ]
Apr 19 17:59:54 AC-DC1-PE1 charon[1568]: 13[NET] <dmvpn-NHRPVPN-tun0|4766> sending packet: from 95.97.183.218[500] to 92.64.242.145[500] (108 bytes)
Apr 19 17:59:54 AC-DC1-PE1 charon[1568]: 15[NET] <dmvpn-NHRPVPN-tun0|4766> received packet: from 92.64.242.145[500] to 95.97.183.218[500] (108 bytes)
Apr 19 17:59:54 AC-DC1-PE1 charon[1568]: 15[ENC] <dmvpn-NHRPVPN-tun0|4766> parsed INFORMATIONAL_V1 request 98424672 [ HASH N(DPD_ACK) ]
Apr 19 17:59:54 AC-DC1-PE1 charon[1568]: 09[IKE] <dmvpn-NHRPVPN-tun0|4767> sending DPD request
Apr 19 17:59:54 AC-DC1-PE1 charon[1568]: 09[ENC] <dmvpn-NHRPVPN-tun0|4767> generating INFORMATIONAL_V1 request 2182168095 [ HASH N(DPD) ]
Apr 19 17:59:54 AC-DC1-PE1 charon[1568]: 09[NET] <dmvpn-NHRPVPN-tun0|4767> sending packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 17:59:54 AC-DC1-PE1 charon[1568]: 11[NET] <dmvpn-NHRPVPN-tun0|4767> received packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 17:59:54 AC-DC1-PE1 charon[1568]: 11[ENC] <dmvpn-NHRPVPN-tun0|4767> parsed INFORMATIONAL_V1 request 4130094835 [ HASH N(DPD_ACK) ]
Apr 19 17:59:54 AC-DC1-PE1 sshd[13047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.239.86.48  user=root
Apr 19 17:59:56 AC-DC1-PE1 charon[1568]: 08[NET] <dmvpn-NHRPVPN-tun0|4765> received packet: from 84.35.67.198[4500] to 95.97.183.218[4500] (108 bytes)
Apr 19 17:59:56 AC-DC1-PE1 charon[1568]: 08[ENC] <dmvpn-NHRPVPN-tun0|4765> parsed INFORMATIONAL_V1 request 3043899820 [ HASH N(DPD) ]
Apr 19 17:59:56 AC-DC1-PE1 charon[1568]: 08[ENC] <dmvpn-NHRPVPN-tun0|4765> generating INFORMATIONAL_V1 request 1852050425 [ HASH N(DPD_ACK) ]
Apr 19 17:59:56 AC-DC1-PE1 charon[1568]: 08[NET] <dmvpn-NHRPVPN-tun0|4765> sending packet: from 95.97.183.218[4500] to 84.35.67.198[4500] (108 bytes)
Apr 19 17:59:57 AC-DC1-PE1 sshd[13047]: Failed password for root from 170.239.86.48 port 52812 ssh2
Apr 19 17:59:58 AC-DC1-PE1 sshd[13047]: Received disconnect from 170.239.86.48 port 52812:11: Bye Bye [preauth]
Apr 19 17:59:58 AC-DC1-PE1 sshd[13047]: Disconnected from authenticating user root 170.239.86.48 port 52812 [preauth]
Apr 19 17:59:58 AC-DC1-PE1 charon[1568]: 06[IKE] <dmvpn-NHRPVPN-tun0|4765> sending DPD request
Apr 19 17:59:58 AC-DC1-PE1 charon[1568]: 06[ENC] <dmvpn-NHRPVPN-tun0|4765> generating INFORMATIONAL_V1 request 975453091 [ HASH N(DPD) ]
Apr 19 17:59:58 AC-DC1-PE1 charon[1568]: 06[NET] <dmvpn-NHRPVPN-tun0|4765> sending packet: from 95.97.183.218[4500] to 84.35.67.198[4500] (108 bytes)
Apr 19 17:59:58 AC-DC1-PE1 charon[1568]: 13[NET] <dmvpn-NHRPVPN-tun0|4765> received packet: from 84.35.67.198[4500] to 95.97.183.218[4500] (108 bytes)
Apr 19 17:59:58 AC-DC1-PE1 charon[1568]: 13[ENC] <dmvpn-NHRPVPN-tun0|4765> parsed INFORMATIONAL_V1 request 678874015 [ HASH N(DPD_ACK) ]
Apr 19 17:59:59 AC-DC1-PE1 charon[1568]: 15[IKE] <dmvpn-NHRPVPN-tun0|4767> sending DPD request
Apr 19 17:59:59 AC-DC1-PE1 charon[1568]: 15[ENC] <dmvpn-NHRPVPN-tun0|4767> generating INFORMATIONAL_V1 request 1766300728 [ HASH N(DPD) ]
Apr 19 17:59:59 AC-DC1-PE1 charon[1568]: 15[NET] <dmvpn-NHRPVPN-tun0|4767> sending packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 17:59:59 AC-DC1-PE1 charon[1568]: 09[NET] <dmvpn-NHRPVPN-tun0|4767> received packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 17:59:59 AC-DC1-PE1 charon[1568]: 09[ENC] <dmvpn-NHRPVPN-tun0|4767> parsed INFORMATIONAL_V1 request 1523427108 [ HASH N(DPD_ACK) ]
Apr 19 18:00:01 AC-DC1-PE1 charon[1568]: 08[NET] <dmvpn-NHRPVPN-tun0|4765> received packet: from 84.35.67.198[4500] to 95.97.183.218[4500] (108 bytes)
Apr 19 18:00:01 AC-DC1-PE1 charon[1568]: 08[ENC] <dmvpn-NHRPVPN-tun0|4765> parsed INFORMATIONAL_V1 request 1061224835 [ HASH N(DPD) ]
Apr 19 18:00:01 AC-DC1-PE1 charon[1568]: 08[ENC] <dmvpn-NHRPVPN-tun0|4765> generating INFORMATIONAL_V1 request 1896145382 [ HASH N(DPD_ACK) ]
Apr 19 18:00:01 AC-DC1-PE1 charon[1568]: 08[NET] <dmvpn-NHRPVPN-tun0|4765> sending packet: from 95.97.183.218[4500] to 84.35.67.198[4500] (108 bytes)
Apr 19 18:00:01 AC-DC1-PE1 sshd[13056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.105.79  user=root
Apr 19 18:00:01 AC-DC1-PE1 opennhrp[28461]: Received Registration Request from proto src 172.16.0.27 to 172.16.0.1
Apr 19 18:00:01 AC-DC1-PE1 opennhrp[13061]: Received peer registration request: 95.97.183.218 92.64.242.145
Apr 19 18:00:01 AC-DC1-PE1 opennhrp[28461]: [172.16.0.27] Peer registration authorized
Apr 19 18:00:01 AC-DC1-PE1 opennhrp[28461]: Removing dynamic 172.16.0.27/32 nbma 92.64.242.145 dev tun0 up expires_in 0:18
Apr 19 18:00:01 AC-DC1-PE1 opennhrp[28461]: Adding dynamic 172.16.0.27/32 nbma 92.64.242.145 dev tun0 up expires_in 0:29
Apr 19 18:00:01 AC-DC1-PE1 opennhrp[28461]: [172.16.0.27] Peer up script: success
Apr 19 18:00:01 AC-DC1-PE1 opennhrp[28461]: NL-ARP(tun0) 172.16.0.27 is-at 92.64.242.145
Apr 19 18:00:01 AC-DC1-PE1 opennhrp[28461]: [172.16.0.27] Peer inserted to multicast list
Apr 19 18:00:01 AC-DC1-PE1 opennhrp[28461]: Sending Registration Reply from proto src 172.16.0.1 to 172.16.0.27 (1 bindings accepted, 0 rejected)
Apr 19 18:00:01 AC-DC1-PE1 opennhrp[28461]: Sending packet 4, from: 172.16.0.27 (nbma 92.64.242.145), to: 172.16.0.1 (nbma 92.64.242.145)
Apr 19 18:00:02 AC-DC1-PE1 CRON[13062]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 19 18:00:02 AC-DC1-PE1 CRON[13063]: (smmsp) CMD (test -x /etc/init.d/sendmail && test -x /usr/share/sendmail/sendmail && test -x /usr/lib/sm.bin/sendmail && /us
Apr 19 18:00:02 AC-DC1-PE1 CRON[13062]: pam_unix(cron:session): session closed for user smmsp
Apr 19 18:00:03 AC-DC1-PE1 sshd[13056]: Failed password for root from 43.154.105.79 port 50950 ssh2
Apr 19 18:00:03 AC-DC1-PE1 systemd[1]: serial-getty@ttyS0.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit serial-getty@ttyS0.service has successfully entered the 'dead' state.
Apr 19 18:00:03 AC-DC1-PE1 charon[1568]: 16[IKE] <dmvpn-NHRPVPN-tun0|4765> sending DPD request
Apr 19 18:00:03 AC-DC1-PE1 charon[1568]: 16[ENC] <dmvpn-NHRPVPN-tun0|4765> generating INFORMATIONAL_V1 request 1473879053 [ HASH N(DPD) ]
Apr 19 18:00:03 AC-DC1-PE1 charon[1568]: 16[NET] <dmvpn-NHRPVPN-tun0|4765> sending packet: from 95.97.183.218[4500] to 84.35.67.198[4500] (108 bytes)
Apr 19 18:00:03 AC-DC1-PE1 charon[1568]: 06[NET] <dmvpn-NHRPVPN-tun0|4765> received packet: from 84.35.67.198[4500] to 95.97.183.218[4500] (108 bytes)
Apr 19 18:00:03 AC-DC1-PE1 charon[1568]: 06[ENC] <dmvpn-NHRPVPN-tun0|4765> parsed INFORMATIONAL_V1 request 2866002464 [ HASH N(DPD_ACK) ]
Apr 19 18:00:04 AC-DC1-PE1 systemd[1]: serial-getty@ttyS0.service: Service RestartSec=100ms expired, scheduling restart.
Apr 19 18:00:04 AC-DC1-PE1 systemd[1]: serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 505164.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Automatic restarting of the unit serial-getty@ttyS0.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
Apr 19 18:00:04 AC-DC1-PE1 systemd[1]: Stopped Serial Getty on ttyS0.
-- Subject: A stop job for unit serial-getty@ttyS0.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit serial-getty@ttyS0.service has finished.
--
-- The job identifier is 26276043 and the job result is done.
Apr 19 18:00:04 AC-DC1-PE1 systemd[1]: Started Serial Getty on ttyS0.
-- Subject: A start job for unit serial-getty@ttyS0.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit serial-getty@ttyS0.service has finished successfully.
--
-- The job identifier is 26276043.
Apr 19 18:00:04 AC-DC1-PE1 agetty[13068]: /dev/ttyS0: not a tty
Apr 19 18:00:04 AC-DC1-PE1 charon[1568]: 13[IKE] <dmvpn-NHRPVPN-tun0|4767> sending DPD request
Apr 19 18:00:04 AC-DC1-PE1 charon[1568]: 13[ENC] <dmvpn-NHRPVPN-tun0|4767> generating INFORMATIONAL_V1 request 1683011308 [ HASH N(DPD) ]
Apr 19 18:00:04 AC-DC1-PE1 charon[1568]: 13[NET] <dmvpn-NHRPVPN-tun0|4767> sending packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:00:04 AC-DC1-PE1 charon[1568]: 15[NET] <dmvpn-NHRPVPN-tun0|4767> received packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:00:04 AC-DC1-PE1 charon[1568]: 15[ENC] <dmvpn-NHRPVPN-tun0|4767> parsed INFORMATIONAL_V1 request 3836486837 [ HASH N(DPD_ACK) ]
Apr 19 18:00:04 AC-DC1-PE1 opennhrp[28461]: Received Registration Request from proto src 172.16.0.29 to 172.16.0.1
Apr 19 18:00:04 AC-DC1-PE1 opennhrp[13072]: Received peer registration request: 95.97.183.218 84.35.67.198
Apr 19 18:00:04 AC-DC1-PE1 opennhrp[28461]: [172.16.0.29] Peer registration authorized
Apr 19 18:00:04 AC-DC1-PE1 opennhrp[28461]: Removing dynamic 172.16.0.29/32 nbma 84.35.67.198 nbma-nat-oa 192.168.16.100 dev tun0 up expires_in 0:18
Apr 19 18:00:04 AC-DC1-PE1 opennhrp[28461]: Adding dynamic 172.16.0.29/32 nbma 84.35.67.198 nbma-nat-oa 192.168.16.100 dev tun0 up expires_in 0:29
Apr 19 18:00:04 AC-DC1-PE1 opennhrp[28461]: [172.16.0.29] Peer up script: success
Apr 19 18:00:04 AC-DC1-PE1 opennhrp[28461]: NL-ARP(tun0) 172.16.0.29 is-at 84.35.67.198
Apr 19 18:00:04 AC-DC1-PE1 opennhrp[28461]: [172.16.0.29] Peer inserted to multicast list
Apr 19 18:00:04 AC-DC1-PE1 opennhrp[28461]: Sending Registration Reply from proto src 172.16.0.1 to 172.16.0.29 (1 bindings accepted, 0 rejected)
Apr 19 18:00:04 AC-DC1-PE1 opennhrp[28461]: Sending packet 4, from: 172.16.0.29 (nbma 192.168.16.100), to: 172.16.0.1 (nbma 84.35.67.198)
Apr 19 18:00:05 AC-DC1-PE1 sshd[13056]: Received disconnect from 43.154.105.79 port 50950:11: Bye Bye [preauth]
Apr 19 18:00:05 AC-DC1-PE1 sshd[13056]: Disconnected from authenticating user root 43.154.105.79 port 50950 [preauth]
Apr 19 18:00:05 AC-DC1-PE1 charon[1568]: 09[IKE] <dmvpn-NHRPVPN-tun0|4766> sending DPD request
Apr 19 18:00:05 AC-DC1-PE1 charon[1568]: 09[ENC] <dmvpn-NHRPVPN-tun0|4766> generating INFORMATIONAL_V1 request 3306882267 [ HASH N(DPD) ]
Apr 19 18:00:05 AC-DC1-PE1 charon[1568]: 09[NET] <dmvpn-NHRPVPN-tun0|4766> sending packet: from 95.97.183.218[500] to 92.64.242.145[500] (108 bytes)
Apr 19 18:00:05 AC-DC1-PE1 charon[1568]: 11[NET] <dmvpn-NHRPVPN-tun0|4766> received packet: from 92.64.242.145[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:00:05 AC-DC1-PE1 charon[1568]: 11[ENC] <dmvpn-NHRPVPN-tun0|4766> parsed INFORMATIONAL_V1 request 2491990323 [ HASH N(DPD_ACK) ]
Apr 19 18:00:07 AC-DC1-PE1 charon[1568]: 07[NET] <dmvpn-NHRPVPN-tun0|4765> received packet: from 84.35.67.198[4500] to 95.97.183.218[4500] (108 bytes)
Apr 19 18:00:07 AC-DC1-PE1 charon[1568]: 07[ENC] <dmvpn-NHRPVPN-tun0|4765> parsed INFORMATIONAL_V1 request 666933636 [ HASH N(DPD) ]
Apr 19 18:00:07 AC-DC1-PE1 charon[1568]: 07[ENC] <dmvpn-NHRPVPN-tun0|4765> generating INFORMATIONAL_V1 request 807960188 [ HASH N(DPD_ACK) ]
Apr 19 18:00:07 AC-DC1-PE1 charon[1568]: 07[NET] <dmvpn-NHRPVPN-tun0|4765> sending packet: from 95.97.183.218[4500] to 84.35.67.198[4500] (108 bytes)
Apr 19 18:00:08 AC-DC1-PE1 snmpd[1931]: Authentication failed for antech
Apr 19 18:00:10 AC-DC1-PE1 charon[1568]: 06[NET] <dmvpn-NHRPVPN-tun0|4765> received packet: from 84.35.67.198[4500] to 95.97.183.218[4500] (108 bytes)
Apr 19 18:00:10 AC-DC1-PE1 charon[1568]: 06[ENC] <dmvpn-NHRPVPN-tun0|4765> parsed INFORMATIONAL_V1 request 919258518 [ HASH N(DPD) ]
Apr 19 18:00:10 AC-DC1-PE1 charon[1568]: 06[ENC] <dmvpn-NHRPVPN-tun0|4765> generating INFORMATIONAL_V1 request 3647819287 [ HASH N(DPD_ACK) ]
Apr 19 18:00:10 AC-DC1-PE1 charon[1568]: 06[NET] <dmvpn-NHRPVPN-tun0|4765> sending packet: from 95.97.183.218[4500] to 84.35.67.198[4500] (108 bytes)
Apr 19 18:00:10 AC-DC1-PE1 charon[1568]: 09[IKE] <dmvpn-NHRPVPN-tun0|4767> sending DPD request
Apr 19 18:00:10 AC-DC1-PE1 charon[1568]: 09[ENC] <dmvpn-NHRPVPN-tun0|4767> generating INFORMATIONAL_V1 request 1887486949 [ HASH N(DPD) ]
Apr 19 18:00:10 AC-DC1-PE1 charon[1568]: 09[NET] <dmvpn-NHRPVPN-tun0|4767> sending packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:00:10 AC-DC1-PE1 charon[1568]: 11[NET] <dmvpn-NHRPVPN-tun0|4767> received packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:00:10 AC-DC1-PE1 charon[1568]: 11[ENC] <dmvpn-NHRPVPN-tun0|4767> parsed INFORMATIONAL_V1 request 2020283506 [ HASH N(DPD_ACK) ]
Apr 19 18:00:12 AC-DC1-PE1 charon[1568]: 07[IKE] <dmvpn-NHRPVPN-tun0|4766> sending DPD request
Apr 19 18:00:12 AC-DC1-PE1 charon[1568]: 07[ENC] <dmvpn-NHRPVPN-tun0|4766> generating INFORMATIONAL_V1 request 523823903 [ HASH N(DPD) ]
Apr 19 18:00:12 AC-DC1-PE1 charon[1568]: 07[NET] <dmvpn-NHRPVPN-tun0|4766> sending packet: from 95.97.183.218[500] to 92.64.242.145[500] (108 bytes)
Apr 19 18:00:12 AC-DC1-PE1 charon[1568]: 12[NET] <dmvpn-NHRPVPN-tun0|4766> received packet: from 92.64.242.145[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:00:12 AC-DC1-PE1 charon[1568]: 12[ENC] <dmvpn-NHRPVPN-tun0|4766> parsed INFORMATIONAL_V1 request 226006150 [ HASH N(DPD_ACK) ]
Apr 19 18:00:12 AC-DC1-PE1 opennhrp[28461]: Received Registration Request from proto src 172.16.0.27 to 172.16.0.1
Apr 19 18:00:12 AC-DC1-PE1 opennhrp[13076]: Received peer registration request: 95.97.183.218 92.64.242.145
Apr 19 18:00:12 AC-DC1-PE1 opennhrp[28461]: [172.16.0.27] Peer registration authorized
Apr 19 18:00:12 AC-DC1-PE1 opennhrp[28461]: Removing dynamic 172.16.0.27/32 nbma 92.64.242.145 dev tun0 up expires_in 0:18
Apr 19 18:00:12 AC-DC1-PE1 opennhrp[28461]: Adding dynamic 172.16.0.27/32 nbma 92.64.242.145 dev tun0 up expires_in 0:29
Apr 19 18:00:12 AC-DC1-PE1 opennhrp[28461]: [172.16.0.27] Peer up script: success
Apr 19 18:00:12 AC-DC1-PE1 opennhrp[28461]: NL-ARP(tun0) 172.16.0.27 is-at 92.64.242.145
Apr 19 18:00:12 AC-DC1-PE1 opennhrp[28461]: [172.16.0.27] Peer inserted to multicast list
Apr 19 18:00:12 AC-DC1-PE1 opennhrp[28461]: Sending Registration Reply from proto src 172.16.0.1 to 172.16.0.27 (1 bindings accepted, 0 rejected)
Apr 19 18:00:12 AC-DC1-PE1 opennhrp[28461]: Sending packet 4, from: 172.16.0.27 (nbma 92.64.242.145), to: 172.16.0.1 (nbma 92.64.242.145)
Apr 19 18:00:12 AC-DC1-PE1 charon[1568]: 14[IKE] <dmvpn-NHRPVPN-tun0|4765> sending DPD request
Apr 19 18:00:12 AC-DC1-PE1 charon[1568]: 14[ENC] <dmvpn-NHRPVPN-tun0|4765> generating INFORMATIONAL_V1 request 246932399 [ HASH N(DPD) ]
Apr 19 18:00:12 AC-DC1-PE1 charon[1568]: 14[NET] <dmvpn-NHRPVPN-tun0|4765> sending packet: from 95.97.183.218[4500] to 84.35.67.198[4500] (108 bytes)
Apr 19 18:00:12 AC-DC1-PE1 charon[1568]: 10[NET] <dmvpn-NHRPVPN-tun0|4765> received packet: from 84.35.67.198[4500] to 95.97.183.218[4500] (108 bytes)
Apr 19 18:00:12 AC-DC1-PE1 charon[1568]: 10[ENC] <dmvpn-NHRPVPN-tun0|4765> parsed INFORMATIONAL_V1 request 1388876512 [ HASH N(DPD_ACK) ]
Apr 19 18:00:13 AC-DC1-PE1 snmpd[1931]: Authentication failed for antech
Apr 19 18:00:14 AC-DC1-PE1 systemd[1]: serial-getty@ttyS0.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit serial-getty@ttyS0.service has successfully entered the 'dead' state.
Apr 19 18:00:14 AC-DC1-PE1 systemd[1]: serial-getty@ttyS0.service: Service RestartSec=100ms expired, scheduling restart.
Apr 19 18:00:14 AC-DC1-PE1 systemd[1]: serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 505165.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Automatic restarting of the unit serial-getty@ttyS0.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
Apr 19 18:00:14 AC-DC1-PE1 systemd[1]: Stopped Serial Getty on ttyS0.
-- Subject: A stop job for unit serial-getty@ttyS0.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit serial-getty@ttyS0.service has finished.
--
-- The job identifier is 26276095 and the job result is done.
Apr 19 18:00:14 AC-DC1-PE1 systemd[1]: Started Serial Getty on ttyS0.
-- Subject: A start job for unit serial-getty@ttyS0.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit serial-getty@ttyS0.service has finished successfully.
--
-- The job identifier is 26276095.
Apr 19 18:00:14 AC-DC1-PE1 agetty[13081]: /dev/ttyS0: not a tty
Apr 19 18:00:15 AC-DC1-PE1 charon[1568]: 06[IKE] <dmvpn-NHRPVPN-tun0|4766> sending DPD request
Apr 19 18:00:15 AC-DC1-PE1 charon[1568]: 06[ENC] <dmvpn-NHRPVPN-tun0|4766> generating INFORMATIONAL_V1 request 1357271316 [ HASH N(DPD) ]
Apr 19 18:00:15 AC-DC1-PE1 charon[1568]: 06[NET] <dmvpn-NHRPVPN-tun0|4766> sending packet: from 95.97.183.218[500] to 92.64.242.145[500] (108 bytes)
Apr 19 18:00:15 AC-DC1-PE1 charon[1568]: 13[NET] <dmvpn-NHRPVPN-tun0|4766> received packet: from 92.64.242.145[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:00:15 AC-DC1-PE1 charon[1568]: 13[ENC] <dmvpn-NHRPVPN-tun0|4766> parsed INFORMATIONAL_V1 request 1252725952 [ HASH N(DPD_ACK) ]
Apr 19 18:00:15 AC-DC1-PE1 charon[1568]: 15[IKE] <dmvpn-NHRPVPN-tun0|4767> sending DPD request
Apr 19 18:00:15 AC-DC1-PE1 charon[1568]: 15[ENC] <dmvpn-NHRPVPN-tun0|4767> generating INFORMATIONAL_V1 request 1637029113 [ HASH N(DPD) ]
Apr 19 18:00:15 AC-DC1-PE1 charon[1568]: 15[NET] <dmvpn-NHRPVPN-tun0|4767> sending packet: from 95.97.183.218[500] to 77.61.155.107[500] (108 bytes)
Apr 19 18:00:15 AC-DC1-PE1 charon[1568]: 09[NET] <dmvpn-NHRPVPN-tun0|4767> received packet: from 77.61.155.107[500] to 95.97.183.218[500] (108 bytes)
Apr 19 18:00:15 AC-DC1-PE1 charon[1568]: 09[ENC] <dmvpn-NHRPVPN-tun0|4767> parsed INFORMATIONAL_V1 request 1293969822 [ HASH N(DPD_ACK) ]
Apr 19 18:00:15 AC-DC1-PE1 opennhrp[28461]: Received Registration Request from proto src 172.16.0.29 to 172.16.0.1
Apr 19 18:00:15 AC-DC1-PE1 opennhrp[13085]: Received peer registration request: 95.97.183.218 84.35.67.198
Apr 19 18:00:15 AC-DC1-PE1 opennhrp[28461]: [172.16.0.29] Peer registration authorized
Apr 19 18:00:15 AC-DC1-PE1 opennhrp[28461]: Removing dynamic 172.16.0.29/32 nbma 84.35.67.198 nbma-nat-oa 192.168.16.100 dev tun0 up expires_in 0:18
Apr 19 18:00:15 AC-DC1-PE1 opennhrp[28461]: Adding dynamic 172.16.0.29/32 nbma 84.35.67.198 nbma-nat-oa 192.168.16.100 dev tun0 up expires_in 0:29
Apr 19 18:00:15 AC-DC1-PE1 opennhrp[28461]: [172.16.0.29] Peer up script: success
Apr 19 18:00:15 AC-DC1-PE1 opennhrp[28461]: NL-ARP(tun0) 172.16.0.29 is-at 84.35.67.198
Apr 19 18:00:15 AC-DC1-PE1 opennhrp[28461]: [172.16.0.29] Peer inserted to multicast list
Apr 19 18:00:15 AC-DC1-PE1 opennhrp[28461]: Sending Registration Reply from proto src 172.16.0.1 to 172.16.0.29 (1 bindings accepted, 0 rejected)
Apr 19 18:00:15 AC-DC1-PE1 opennhrp[28461]: Sending packet 4, from: 172.16.0.29 (nbma 192.168.16.100), to: 172.16.0.1 (nbma 84.35.67.198)

Viacheslav · April 19, 2022, 9:08pm

Can you replace one file?
On spoke nodes
You can download .py script from ⚓ T4350 DMVPN opennhrp spokes dont work behind NAT
and execute
sudo python3 opennhrp-script-fix.py
After reboot the spoke nodes.

Arpanet69 · April 25, 2022, 1:25pm

Hi All,

Unfortunately that didn’t solved my issue. Still facing the same instabilities.

Hope we can try something else. Notice that we have client sites behind a NAT router and client sites that service NAT on the router with a public IP. The script is runned in our lab is a PPPoE Client with public IP and NAT. The above data is from the lab instance.

If I remember well these issues started when adding spokes behind a NAT router and i had to adjust the configuration for it. Spokes with a public IP had no stability issues in the past.

It seemed to be stable back then so i closed the ticket meanwhile it was unstable

Thanks!

Rufat · April 25, 2022, 6:26pm

The PPPoE interface is used here.
This may cause the ISP to delete and restart the user session for a period of time.
Maybe it affects the stable.

Arpanet69 · April 25, 2022, 6:36pm

Hi Rufat,

We have have different type of connections at different sites. We are facing the same instability issues at sites that has fiber connection and no PPPoE and no NAT.

I will remove the PPPoE client and the NAT from the lab router and move it to the bridge modem. I have a draytek vigor 130 VDSL router as bridge currently. I will test and let you know the outcome.

Thanks!